LuciferForge/mcp-security-audit

mcp-security-audit


Security auditor for MCP servers. Connects to any MCP server, enumerates its tools/resources/prompts, scans for injection patterns, classifies risk levels, and produces a scored report (0-100, grades A-F).

Works as a CLI tool (mcp-audit) or as an MCP server itself (mcp-security-audit).


Install

pip install mcp-security-audit

CLI Usage

Text report

mcp-audit scan --server "python -m my_mcp_server"

JSON report

mcp-audit scan-json --server "python -m my_mcp_server" --output report.json

With live injection tests

mcp-audit scan --server "python -m my_mcp_server" --live-tests

CI/CD

Exit code 0 for grade A/B, 1 for C/D/F, so the scan can gate a pipeline step. Note that a bare `|| echo` would swallow the failing status; propagate it explicitly:

mcp-audit scan --server "uvx some-server" || { echo "Security audit failed"; exit 1; }

MCP Server Mode

Use as an MCP server so AI assistants can audit other servers:

Claude Code

claude mcp add mcp-security-audit -- uvx mcp-security-audit

Manual

{
  "mcpServers": {
    "mcp-security-audit": {
      "command": "uvx",
      "args": ["mcp-security-audit"]
    }
  }
}

Tools exposed

  Tool                 What it does
  audit_scan           Full security audit with text report
  audit_quick_scan     Quick scan — score, grade, top findings
  audit_classify       Classify a single tool's risk level
  audit_check_text     Scan text for injection patterns

What It Checks

  1. Tool risk classification — categorizes every tool as SHELL / FILE / DATABASE / NETWORK / SAFE
  2. Injection pattern scanning — scans tool and prompt descriptions for 22 injection patterns
  3. Resource URI analysis — flags sensitive paths (.env, .ssh, credentials, etc.)
  4. High-risk ratio — warns if >50% of tools are FILE or SHELL level
  5. Undocumented tools — flags tools missing descriptions
  6. Attack surface — warns on 20+ tools (large) or 50+ (very large)
  7. Live injection tests (opt-in) — sends payloads to string-parameter tools

Scoring

Starts at 100, deducts per finding:

  Severity    Deduction
  CRITICAL    -25
  HIGH        -15
  MEDIUM      -8
  LOW         -3

Bonus: +1 per documented tool (max +5).

Grades: A (90+), B (75+), C (60+), D (40+), F (<40)
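The scoring rules above, together with checks 4 to 6 from "What It Checks", as an added Python example (not the project's own code). The severities assigned to the heuristic checks and the clamping of the score to 0..100 are assumptions; the page states neither.

```python
# Added example, not mcp-security-audit's own implementation.
from dataclasses import dataclass

DEDUCTIONS = {"CRITICAL": 25, "HIGH": 15, "MEDIUM": 8, "LOW": 3}
GRADE_THRESHOLDS = ((90, "A"), (75, "B"), (60, "C"), (40, "D"))  # else F

@dataclass
class Tool:
    name: str
    risk: str            # SHELL / FILE / DATABASE / NETWORK / SAFE
    description: str = ""

@dataclass
class Finding:
    severity: str
    message: str

def heuristic_findings(tools):
    """Checks 4-6 from the README. Severities here are assumed."""
    findings = []
    for t in tools:
        if not t.description.strip():
            findings.append(Finding("LOW", f"undocumented tool: {t.name}"))
    high = sum(1 for t in tools if t.risk in ("FILE", "SHELL"))
    if tools and high / len(tools) > 0.5:
        findings.append(Finding("MEDIUM", f"{high}/{len(tools)} tools are FILE or SHELL"))
    if len(tools) >= 50:
        findings.append(Finding("MEDIUM", "very large attack surface (50+ tools)"))
    elif len(tools) >= 20:
        findings.append(Finding("LOW", "large attack surface (20+ tools)"))
    return findings

def score(findings, tools):
    total = 100 - sum(DEDUCTIONS[f.severity] for f in findings)
    total += min(sum(1 for t in tools if t.description.strip()), 5)  # +1 per documented tool, max +5
    return max(0, min(100, total))  # clamping is an assumption

def grade(s):
    for threshold, letter in GRADE_THRESHOLDS:
        if s >= threshold:
            return letter
    return "F"

def exit_code(g):
    return 0 if g in ("A", "B") else 1  # matches the CI/CD contract above

# Constructed sample: three documented SAFE tools plus one undocumented SHELL tool.
SAMPLE_TOOLS = [
    Tool("status", "SAFE", "Report health"),
    Tool("list_entries", "SAFE", "List stored entries"),
    Tool("search", "SAFE", "Search entries"),
    Tool("run_cmd", "SHELL"),
]
```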


Example Output

============================================================
  MCP SECURITY AUDIT REPORT
============================================================

  Server:  python -m agent_safety_mcp.server
  Tools:   13
  Score:   92/100  (Grade A)

------------------------------------------------------------
  TOOL CLASSIFICATION
------------------------------------------------------------
  Tool                           Risk       Matched
  cost_guard_configure           SAFE       -
  cost_guard_status              SAFE       -
  injection_scan                 SAFE       -
  trace_save                     FILE       !!save, file
  ...

Dependencies

Part of the LuciferForge AI Agent Infrastructure Stack.

License

MIT

About

Security auditor for MCP servers. Purpose-aware scoring, injection testing, compliance checks.
